Tuesday, September 10, 2013

My site is blacklisted. What next?

Quttera's support team is being constantly contacted by website anti-malware monitoring customers whose website(s) were blacklisted. This post lists several (not all) blacklisting authorities and how to submit your site for (re)testing by them.

First, you should make sure your website no longer hosts malware, spam or any other potentially harmful content. You can do it by yourself or if you're ThreatSign customer you can simply let us do it for you.

To check by yourself, you can start with online scanning via VirusTotal and/or Quttera online scanner. When reviewing the reports make a list of vendors that detect your website.

For example in VirusTotal report:

VirusTotal report

In detection ratio you can see the number of detected engines. Below, in the Analysis tab find URL scanners that mark your site as Malware site. Later we'll see hot to request a retesting by them.

In Quttera security report. In addition to the Blacklisting you see the file-by-file breakdown with all potentially suspicious content. Expand the Scanned files analysis tab and review the threat dump for each file. Go on and check manually each one of them on your server. Remove the threat and try to re-scan again.

Quttera online scanner report

Once you're sure your website is clean you can continue to the next stage of the process - submit for review/ re-test.

Submit website(s) for review by blacklisting authorities

First, it is important to mention that it is time-consuming and the results are not immediate. With Google, for example, it might take up to 3-4 days. So the key is to be patient. Below is the list that is not complete but will be a good start. We will update this post if will be required by readers/users.

1. Google Safe Browsing

The process is straight forward via Webmaster Tools and is described here https://support.google.com/webmasters/answer/168328

Request a malware review by Google

2. Sophos

We found these two ways to contact this vendor:

Reassessment Request - http://www.sophos.com/en-us/threat-center/ip-lookup.aspx#sthash.Uvzz5Bor.dpuf




and
SophosLabs IP Address Classification Lookup - https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx



As stated by Sophos you will not be contacted automatically, but they assure that the request will be reviewed in a timely manner.


3. Fortinet

Submit review request as follows:

1. Enter your website URL here and click lookup

FortiGuard Center



2.  When the report is generated scroll fown to the Classification/Rating request and fill the form. Click submit. You can add screenshot as well.

FortiGuard - Rating Request


3.  Bitdefender

The only way we found is to register in the Forum and ask for website review.

http://forum.bitdefender.com/index.php?showforum=138


BitDefender - submit website for review via Forum/ False Positive reporting

4.  Scumware

We found just simple contact form. http://www.scumware.org/contact.scumware
In the message section ask them to review your site.

Scumware - contact form


5. McAfee Site Advisor

In the User Feedback page fill in the form and choose the Type of inquiry as Submit a site for (re) testing.

McAfee - submit a site for blacklist removal

Summary

It is always a head-ache to get out of blacklists, so preventive measures and monitoring are essential steps to avoid this. Let us know if the info in post was helpful and share your experience. Read more about common pitfalls that make your website hacking easier here.